fix(lbac-2837): fix migration (#2373) #1668

Workflow file for this run

.github/workflows/release.yml at c6566c2

	name: Release version
	on:
	push:
	branches: [main, next]

	jobs:
	tests:
	uses: "./.github/workflows/ci.yml"
	secrets:
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

	release:
	concurrency:
	group: "release-${{ github.workflow }}-${{ github.ref }}"
	permissions: write-all
	outputs:
	VERSION: ${{ steps.get-version.outputs.VERSION }}
	PREV_VERSION: ${{ steps.get-prev-version.outputs.VERSION }}
	runs-on: ubuntu-latest
	steps:
	- name: Checkout project
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	persist-credentials: true

	- uses: actions/setup-node@v4
	with:
	node-version: 20

	- uses: actions/cache@v4
	with:
	path: \|
	**/node_modules
	.yarn/install-state.gz
	.yarn/cache
	~/.cache
	key: yarn-${{ hashFiles('**/yarn.lock') }}
	restore-keys: yarn-

	- name: Install dependencies
	run: yarn install

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	platforms: linux/amd64
	install: true

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Expose GitHub Runtime
	uses: crazy-max/ghaction-github-runtime@v2

	- name: Retrieve previous version
	id: get-prev-version
	run: echo "VERSION=$(git describe --tags --abbrev=0 \| cut -c2-)" >> "$GITHUB_OUTPUT"

	- name: bump and release
	run: yarn release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
	GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}

	- name: Retrieve new version
	id: get-version
	run: echo "VERSION=$(git describe --tags --abbrev=0 \| cut -c2-)" >> "$GITHUB_OUTPUT"

	docker-scout:
	if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
	concurrency:
	group: "scout-${{ github.workflow }}-${{ github.ref }}"
	needs: ["release"]
	runs-on: ubuntu-latest
	steps:
	- name: Authenticate to Docker
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USER }}
	password: ${{ secrets.DOCKER_PAT }}

	- name: Server Docker Scout
	uses: docker/scout-action@v1
	with:
	command: quickview,cves,recommendations,compare
	image: ghcr.io/mission-apprentissage/mna_lba_server:${{ needs.release.outputs.VERSION }}
	to: ghcr.io/mission-apprentissage/mna_lba_server:${{ needs.release.outputs.PREV_VERSION }}
	sarif-file: sarif-server.output.json
	only-vex-affected: true
	only-severities: "critical,high,medium"

	- name: Server Docker Upload SARIF result
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: sarif-server.output.json
	category: Docker Server

	- name: UI Docker Scout
	uses: docker/scout-action@v1
	with:
	command: quickview,cves,recommendations,compare
	image: ghcr.io/mission-apprentissage/mna_lba_ui:${{ needs.release.outputs.VERSION }}-production
	to: ghcr.io/mission-apprentissage/mna_lba_ui:${{ needs.release.outputs.PREV_VERSION }}-production
	sarif-file: sarif-ui.output.json
	only-vex-affected: true
	only-severities: "critical,high,medium"

	- name: UI Docker Upload SARIF result
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: sarif-ui.output.json
	category: Docker UI

	deploy:
	concurrency:
	group: "deploy-${{ github.workflow }}-${{ github.ref }}"
	needs: ["release"]
	name: Deploy ${{ needs.release.outputs.VERSION }} on recette
	uses: "./.github/workflows/_deploy.yml"
	with:
	environment: recette
	app_version: ${{ needs.release.outputs.VERSION }}
	secrets:
	DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
	DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
	VAULT_PWD: ${{ secrets.VAULT_PWD }}

	deploy-pentest:
	concurrency:
	group: "deploy-pentest-${{ github.workflow }}-${{ github.ref }}"
	needs: ["release"]
	name: Deploy ${{ needs.release.outputs.VERSION }} on pentest
	uses: "./.github/workflows/_deploy.yml"
	with:
	environment: pentest
	app_version: ${{ needs.release.outputs.VERSION }}
	secrets:
	DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
	DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
	VAULT_PWD: ${{ secrets.VAULT_PWD }}

	sentry:
	needs: ["release"]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout project
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	persist-credentials: true

	- uses: actions/setup-node@v4
	with:
	node-version: 20

	- uses: actions/cache@v4
	with:
	path: \|
	**/node_modules
	.yarn/install-state.gz
	.yarn/cache
	key: yarn-${{ hashFiles('**/yarn.lock') }}
	restore-keys: yarn-

	- name: Install dependencies
	run: yarn install

	- name: typecheck
	run: yarn typecheck

	- name: Build sourcemaps
	run: yarn build
	env:
	NEXT_PUBLIC_ENV: production
	NEXT_PUBLIC_VERSION: ${{ needs.release.outputs.VERSION }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create vault pwd file
	run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt

	- name: upload sourcemaps to sentry
	run: .bin/mna-lba sentry:release ${{ needs.release.outputs.VERSION }}
	env:
	ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(lbac-2837): fix migration (#2373) #1668

Workflow file

fix(lbac-2837): fix migration (#2373) #1668

Uh oh!

Jobs

Run details

Workflow file for this run